With hybrid or multi-clouds, companies can work much more flexibly, react faster, and set up new business models. The downside is that it makes the job of the IT departments more complex at the cost of less transparency. Why companies need to rethink and embrace cloud native security if they want to guarantee the necessary security and meet compliance requirements – and why DevOps teams also benefit.
Companies are becoming increasingly agile, as the management and technology consultancy BearingPoint recently found out. This is good news. The pandemic has recently shown how important a higher degree of flexibility is for business success. If you think you can hear a faint "but", you are on the right track. In fact, I'm afraid that people are currently losing sight of the issue of security in many places. I can understand, because many companies simply lack transparency with respect to their multi-cloud landscapes. The management relies on conventional tools to prepare for threats from the network. Anyone who wants to become more agile with infrastructure as a service, containers, or virtual machines needs modern vulnerability management and cloud native security – i.e. a security concept that was developed for cloud computing. Modern cloud architectures and DevOps are turning traditional concepts for security, governance and compliance on their head. The goal must, therefore, be automated, managed security.
According to the study by Palo Alto Networks, 57 percent of the companies surveyed use six or more security solutions. Many would rather have a single solution that covers everything. What are the criteria which a cloud native offering actually has to meet?
• Do not design your cloud native security just for the public cloud, because the future is multi-cloud.
• When choosing your security solution, make sure that it offers visibility into all of your cloud resources.
• Clarify whether the system is up to date in terms of security, governance, and compliance.
• Your solution should report in detail on all risks – including user assignment and the resources involved.
• Vulnerability management and application level security are mandatory.
• The system must be capable of detecting anomalies in the network.
• The offering must include identity and access management (IAM).
A modern security solution should always support you in two ways: Thanks to cloud security posture management (CSPM), you know which resources are located where in your clouds. It protects your data, and provides automated protection for governance and compliance. However, make sure that threat detection and automated response are also included. Your security solution should also secure your cloud-based workloads and operating system data, and protect your containers, serverless functions, and virtual machines. This is referred to by experts as a cloud work protection platform (CWPP).
We know that our customers need consistent security across all clouds. We call this security first and it should apply across the board – irrespective of how many security and cloud specialists the company employs. To keep you one step ahead in terms of security, T-Systems offers a managed security and compliance service for the entire technology stack and for all your cloud applications.